CVE-2022-22111

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-22111

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22111.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-22111

Aliases

GHSA-w6rp-4vj7-v2m8

Published

2022-01-05T15:15:07Z

Modified

2024-05-23T01:23:37.128144Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged user in the application.

References

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Type: GIT
Repo: https://github.com/bottelet/daybydaycrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe842ea5ede237443f1f45a99aeb839133115d8b

Affected versions

1.*

1.1

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.2

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

2.*

2.0.0

2.1.0

2.2.0

CVE-2022-22111

Affected packages

Git / github.com/bottelet/daybydaycrm

Affected ranges

Affected versions

1.*

2.*

Other